fix: harden tubco login matching

backend/workflows/tests/test_account_ui.py

@@ -2,6 +2,7 @@ from django.contrib.auth import get_user_model
 from django.test import Client, TestCase
 from django.utils import timezone
 
+from workflows.forms import UserManagementCreateForm
 from workflows.models import UserProfile
 from workflows.roles import ROLE_PLATFORM_OWNER, assign_user_role
 from workflows.totp import generate_totp_token
@@ -194,3 +195,28 @@ class AccountUISmokeTests(TestCase):
         )
 
         self.assertEqual(response.status_code, 302)
+
+    def test_login_accepts_username_case_insensitively(self):
+        client = Client()
+
+        response = client.post(
+            '/accounts/login/',
+            {'username': 'PROFILE-USER', 'password': 'secret-12345'},
+            HTTP_HOST='localhost',
+        )
+
+        self.assertEqual(response.status_code, 302)
+
+    def test_user_management_create_form_rejects_case_insensitive_username_duplicate(self):
+        form = UserManagementCreateForm(
+            data={
+                'first_name': 'Another',
+                'last_name': 'User',
+                'username': 'PROFILE-USER',
+                'email': 'another@example.com',
+                'role_key': 'staff',
+            }
+        )
+
+        self.assertFalse(form.is_valid())
+        self.assertIn('username', form.errors)